Apparatus, method and computer software products for controlling a home terminal

ABSTRACT

An internet terminal, which includes a communication unit for sending and receiving packet data, an encryption unit for encrypting and decrypting packet data, a packet generation unit for generating packet data to be sent to a server apparatus, a protocol determination unit for determining a communication protocol to be used between the internet terminal and the server apparatus, a control request reading unit for reading in packet data and a control request packet that includes a control request, a control unit for receiving control information and controlling the internet terminal or a terminal apparatus accordingly. Further, the internet terminal includes a server certificate authentication unit for authenticating the validity of a server certificate sent by the server apparatus, a client certificate management unit for sending a client certificate to the server apparatus, and a storage unit for storing a terminal ID and other information.

FIELD OF THE INVENTION

The present invention relates to a home terminal apparatus for sending and receiving packet data to and from a router connected to an external network, the home terminal apparatus being connected to the router via a home network, and a communication system using said home terminal apparatus.

DESCRIPTION OF THE RELATED ART

Recently, access networks such as ADSL (Asymmetric Digital Subscriber Line), optical fiber networks and the like, which are broadband, capable of handling a large amount of communication data and accessible at all times, have become widespread at an accelerated rate even among ordinary homes. At the same time, many kinds of home networks for organically connecting home appliances at home with one another are under standardization. Under these circumstances, it is expected that a user of these home appliances will be able to operate them from an outside location by remotely operating his/her mobile terminal which can be connected to the Internet and by transmitting control information to such home appliances via the Internet and a home network.

When a connection is made between external and home networks in a conventional method: (i) a plurality of home internet terminals assigned with local addresses are connected, via a home network, to a router connected to an internet network; (ii) the router is connected to the internet network via an internet service provider (ISP) using a communication line; and (iii) the internet service provider (ISP) assigns a global address to the router.

When an external server apparatus makes a control request to an internet terminal at home by the use of a global address, the following conventional methods are used: a router is set to perform static IP masquerading (e.g. Japanese Laid-Open Patent Application No. 2000-341337) and an internet terminal performs polling (e.g. Japanese Laid-Open Patent Application No. 08-204704 and Japanese Laid-Open Patent Application No. 2000-183923).

In static IP masquerading, a router, when receiving packet data in which a specific port number is described as a destination port number, converts the destination address into the local address of an internet terminal, and then routes the packet data to the internet terminal, with a global address and local addresses being registered in a conversion table as fixed addresses in advance. Therefore, it is possible in static IP masquerading to commence a session not only from the local side but also from the global side.

In the method in which an internet terminal performs polling, on the other hand, a router receives, from an internet terminal, a local packet to be sent to a server apparatus, and sends such a packet to the server apparatus after converting the sender's address included in the packet into the global address of the router and converting the sender's port number included in the packet into a port number which can be used by the router. When this is done, a set of information including the local address of the internet terminal, the global address of the router, the sender's port number of the internet terminal, and the sender's port number of the router is to be stored in the conversion table for a specified period of time. Then, when receiving, from the server apparatus, a response global packet that includes control information intended for the internet terminal, the router specifies the destination on the local network by converting the destination address and the destination port number included in the response global packet respectively into the local address of the internet terminal and the destination port number of the internet terminal with reference to the conversion table, and routes the packet to the internet terminal.

In the static IP masquerading and the polling method, TCP, which is a connection protocol, is generally used as a communication protocol.

Meanwhile, there is disclosed another polling method (e.g., Japanese Laid-Open Patent Application No. 2000-183923) which improves transmission efficiency and delay characteristics in a case where there is a significant difference or a temporal variation in traffic between communication apparatuses.

However, when a user wishes to remotely control his/her home terminal apparatus from an outside location via the internet, it is necessary to take countermeasures against security threats that could occur on the internet. For example, when a malicious third person makes an attack to turn on air conditioners in many houses all at once, it is conceivable that such an attack will cause electricity shock. Therefore, it is required to prevent the leakage of a control request on the internet, spoofing by a malicious third person, and the like.

Also, remote control information to be sent to a home terminal apparatus (e.g., home appliance) from a user in an outside location is required to be sent to the target home terminal apparatus immediately. However, when an internet terminal makes an inquiry to a server apparatus according to a simple polling method, the immediacy of the control request to control a home appliance is lost because of the fact that there is a polling interval. Also, there is another problem that a setting for static IP masquerading cannot be made to a router depending on the type or the implementation of the router.

SUMMARY OF THE INVENTION

The present invention is intended to solve the above problems. Its first object is to provide a home terminal apparatus that enables control information which a user sends to a home terminal apparatus such as a home appliance and the like from an outside location, to be immediately sent to a terminal apparatus to be controlled by utilizing an existing router, with a secure communication being realized in sending/receiving such control information.

The second object is to provide a home terminal apparatus that enables the user to remotely control a home terminal apparatus from outside home in a highly secure manner using the user's mobile terminal device, soon after purchasing the home terminal apparatus, without needing to make complicated settings to the home terminal apparatus and a router.

The home terminal apparatus according to the present invention is a home terminal apparatus for sending/receiving packet data to and from a router that is connected to an external network to which a server apparatus is connected, the home terminal apparatus being connected to the router via a home network, including a packet generation unit operable to generate packet data to be sent to the server apparatus, a protocol determination unit operable to determine a communication protocol used between the home terminal apparatus and the server apparatus, and a communication unit operable to send/receive the packet data to and from the server apparatus via the router, wherein the protocol determination unit determines that the home terminal apparatus should communicate with the server apparatus using (i) a first communication protocol when the communication unit sends address notification packet data generated by the packet generation unit to the server apparatus periodically and repeatedly at a predetermined sending interval via the router, and (ii) a second communication protocol when the communication unit sends/receives control information to and from the server apparatus.

Accordingly, since packet data is periodically sent to the router, it is possible for the router to always hold a corresponding relationship between global and local addresses. This allows remote control information to be sent to a target terminal apparatus at home at any time from a mobile terminal in an outside location. Furthermore, since control information to control a home appliance and the like transmitted between the server apparatus and the home terminal apparatus is sent/received after a communication protocol between these apparatuses is switched to a secure protocol, it is possible to reliably prevent a third person from illicitly controlling the home appliance by means of tampering and tapping the control information or “spoofing”.

Also, in the home terminal apparatus according to the present invention, the server apparatus includes a second communication unit operable to send/receive packet data, and a second packet generation unit operable to generate packet data to be sent to the home terminal apparatus, wherein the second packet generation unit generates the notification packet indicating the occurrence of the control request to control the home terminal apparatus, when said control request occurred in the server apparatus, and the second communication unit sends said notification packet to the home terminal apparatus via the router.

Accordingly, it is possible for the server apparatus, which received control information for controlling the home terminal apparatus from the mobile terminal device, to send, to the home terminal apparatus, a notification packet indicating an occurrence of the control information before sending such control information to the home terminal apparatus, so as to send a control request after a secure communication protocol is established. This results in enhanced security in communications.

Note that not only is it possible for the present invention to be embodied as a home terminal apparatus as described above, but also as a communication system composed of the home terminal apparatus, the router and the server apparatus, and as a communication method that includes, as its steps, the units of the home terminal apparatus. Furthermore, the present invention is also capable of being embodied as a program that causes a computer and the like to execute the above communication method. It should be also understood that such program can be distributed via recording media such as DVDs and CD-ROMs as well as via transmission media such as a communication network.

As described above, since the home terminal apparatus according to the present invention sends address notification packet data periodically and repeatedly to the router using a connectionless UDP protocol, it is possible for the router to always hold a corresponding relationship table that lists a corresponding relationship between global and local addresses. This solves the problem that the router cannot convert the global address it stores into a local address of a destination home terminal apparatus, enabling remote control information from a mobile terminal device to be always sent to the target terminal apparatus. Moreover, since UDP which involves a small amount of communication data is used as a communication protocol, it is possible to lighten the processing load to be placed on the server apparatus, the router, and the home terminal apparatus.

Further, since control information to control a home appliance and the like, transmitted between the home terminal apparatus and the server apparatus, is sent after the communication protocol between these apparatuses is switched to TCP and authentication and channel encryption are performed, it is possible to reliably prevent a third person from tampering and tapping control information and spoofing to illicitly control a home appliance. Accordingly, the user's anxiety will be eliminated concerning the handling of control information.

Moreover, since the polling method is used for the router, the user is not required to have any technical knowledge to set up the router. Accordingly, by just getting connected to the router, the user who purchased a home terminal apparatus can remotely operate home appliances from an outside location using a mobile terminal device. This allows a dramatic improvement in the convenience of such user.

For further information about the technical background to this application, Japanese Patent Application No. 2002-286753 filed on Sep. 30, 2002, is incorporated herein by reference.

BRIEF DESCRIPTION OF DRAWINGS

These and other objects, advantages and features of the invention will become apparent from the following description thereof taken in conjunction with the accompanying drawings that illustrate a specific embodiment of the invention. In the Drawings:

FIG. 1 is a schematic diagram showing an entire configuration of a communication system according to a first embodiment.

FIG. 2 is an example functional block diagram showing a server apparatus, an internet terminal, and a terminal apparatus and the like such as a home appliance according to the first embodiment.

FIG. 3 is a sequence diagram showing the sending and receiving of local packets of the internet terminal according to the first embodiment.

FIG. 4 is a flowchart showing an operating procedure to be followed by the internet terminal according to the first embodiment when sending an address notification local packet to the router periodically.

FIG. 5 is a diagram showing an example data structure of UDP address notification packet data sent from the internet terminal to the server apparatus according to the first embodiment.

FIG. 6 is a reference diagram showing a corresponding relationship table held by the router according to the first embodiment.

FIG. 7 is a flowchart showing an operating procedure followed by the server apparatus according to the first embodiment when receiving the address notification packet data from the internet terminal.

FIG. 8 is a flowchart showing an operating procedure followed by the server apparatus according to the first embodiment until it sends the control request to the internet terminal.

FIG. 9 is a diagram showing an example data structure of packet data sent from the server apparatus according to the present invention.

FIG. 10 is a flowchart showing an operating procedure followed by the internet terminal according to the first embodiment from when it receives a control request occurrence notification packet from the server apparatus to when it receives the control request.

FIG. 11 is a diagram showing an example data structure of packet data for sending a client certificate from the internet terminal to the server apparatus.

FIG. 12 is a diagram showing an entire configuration of a communication system according to a second embodiment.

FIG. 13 is a diagram showing an example data structure of control request occurrence notification packet data sent by the server apparatus to the internet terminal according to a third embodiment.

FIG. 14 is an example functional block diagram showing the server apparatus, the internet terminal, the terminal apparatus, an application server apparatus, and an address list notification server apparatus according to the third embodiment.

FIG. 15 is a diagram showing an example of application server identifier/address information.

DETAILED DESCRIPTION OF THE INVENTION

An explanation is given of a communication system that incorporates an internet terminal according to the present invention, with reference to the figures.

First Embodiment

FIG. 1 is a schematic diagram showing an entire configuration of a communication system according to the first embodiment. The communication system according to the first embodiment is characterized in that it is possible to receive control information from a mobile terminal device 130 in an outside location and to transmit, to an internet terminal 110 at home, a control request that has occurred in a server apparatus 200 in real time and in a secure manner. Note that the networks according to the first embodiment are in an always-on state using ADSL, optical fiber and the like.

Also note that the internet terminal 110 at home according to the present invention utilizes the characteristics of a router 101 when a connectionless UDP is used as a communication protocol as well as a secure communication channel realized by higher protocol layers such as TCP and SSL, and therefore there is no need to add a new functionality to the router 101 itself.

In a communication using a connectionless UDP protocol, the router 101 holds a corresponding relationship between a local address and a global address only for a certain period of time at the time of sending/receiving packet data, since it is unknown whether or not there will be a response from the party on the other end of the communication. Thus, the home internet terminal apparatus 110 according to the present invention utilizes the characteristics of the router 101 under UDP.

In a general communication using TCP, a conversion table (to be also referred to as “corresponding relationship table” hereinafter) is generated when a connection is established between two parties sending/receiving data, and a corresponding relationship between local and global addresses is deleted when such connection is broken. Also, a session needs to be established between the internet terminal 110 and the server apparatus 200 before a communication is started. Accordingly, a load is placed on the server apparatus 200 because an acknowledgement should be made every time packet data is sent/received, while at the same time a highly secure communication can be achieved because of the reason that TCP has high affinity with the encryption of a communication channel as well as authentication processing. On the other hand, a connectionless UDP protocol allows a high-speed communication since packet data is sent unilaterally without a receipt acknowledgment on the receiver's side, while providing a less accurate communication because it is not intended for various kinds of communication control (e.g., packet data receipt acknowledgment and error correction) which are in the scope of TCP.

The communication system illustrated in FIG. 1 is composed of the server apparatus 200, an internet network 120, a mobile terminal device 130, the router 101, and the internet terminal 110, each of which is connected to one another via a cable or wireless communication line.

In a local network 100, the router 101 routes incoming and outgoing packet data to and from the house in an integrated manner, and the router 101 and a PC 102, a PC 106 and others inside the house are connected to each other via a LAN and the like. Also, the router 101 is connected to home appliances such as an air conditioner 103, a rice cooker 104, and a DVD video recorder 105 via radio waves from the internet terminal 110, using a communication protocol such as ECHONET.

The router 101 is capable of routing packet data transmitted between the external and home networks, converting an IP address described in an IP header from a global address to a local address, and intentionally destroying packet data that matches a predetermined condition.

Connected to the internet network 120 are the mobile terminal device 130 such as a mobile phone by which the user can send control information from an outside location and the server apparatus 200 dedicated to receiving control information sent by the user and sending it to the internet terminal 110 at home, so as to remotely control a home appliance and the like.

Dotted lines shown in FIG. 1 indicate the flow of remote control information. Control information sent by the user of the mobile terminal device 130 is sent to the server apparatus 200, which then specifies the global address of the router 101 on the home network, using a user ID, a telephone number, a password, and the like. Next, the server apparatus 200 sends, to the internet terminal 110 to be controlled, a global packet added with the global address, the terminal ID and others.

Note that the home appliance 103 and others on the local network 100 are wirelessly connected to the internet terminal 110, but the present invention is not limited to this configuration, and therefore it is also possible that control information can be transmitted with the home appliance 103 and others being connected directly to the local network.

FIG. 2 is an example functional block diagram showing the server apparatus 200, the internet terminal 110, and the terminal apparatus 103 such as a home appliance.

The server apparatus 200 is capable of receiving control information from the mobile terminal device 130, as well as notifying the internet terminal 110 that a control request has occurred, before sending such control information to the internet terminal 110. Moreover, the server apparatus 200 is characterized in that it generates packet data by adding destination address information to the control information and sends it to the target internet terminal 110 on the local network, after a secure communication is established between the server apparatus 200 and the internet terminal 110.

Such server apparatus 200 is comprised of a communication unit 201, an encryption processing unit 202, a packet generation unit 203, a reading unit 204, a control request occurrence notification unit 205, a server certificate management unit 206, a client certificate authentication unit 207, and a terminal information storage unit 208.

The communication unit 201 sends, to the router 101, packet data generated by the packet generation unit 203 via the internet network 120, and receives packet data sent from the mobile terminal device 130 and the router 101.

The encryption processing unit 202 encrypts and decrypts packet data sent/received by the communication unit 201.

The packet generation unit 203 generates packet data made up of a header part and a data part to be sent from the server apparatus 200 to the internet terminal 110. The data part includes information such as a control request occurrence notification.

The reading unit 204 reads a control request to control the internet terminal 110 sent from the mobile terminal device 130 to the server apparatus 200.

The control request occurrence notification unit 205 instructs the packet generation unit 203 to generate a control request occurrence notification frame in order to notify the internet terminal 110 of an occurrence of a control request.

The server certificate management unit 206 holds a server certificate to verify the validity of the server apparatus 200, and sends the server certificate to the internet terminal 110.

The client certificate authentication unit 207 authenticates the validity of a client certificate sent from the internet terminal 110, using a public key and the like of a certificate authority.

The terminal information storage unit 208 stores a table 208a in which the following information is recorded as a set of terminal information: the terminal ID, the sender's address, and the sender's port number included in the global packet sent by the router 101.

The router 101 is a routing device for routing packet data on the external and local networks, and the internet terminal 110 and others inside the house are connected to the external network via the router 101 in an integrated manner.

The router 101 is assigned with a unique global address by the internet service provider (ISP) 140, and a local packet sent by the router 101 is delivered to a router of such internet service provider. The local packet is then sent to the server apparatus 200 as a destination over the internet network 120.

The mobile terminal device 130 is a device for selecting control information used by the user in an outside location to remotely operate the home appliance 103 and the like at home. Examples of control information are “start the rice cooker at six” and “turn on the air conditioner immediately”. The mobile terminal device 130 is also capable of receiving information indicating the result of controlling the home appliance 103 and the like.

The internet terminal 110 is a terminal apparatus capable of managing the home appliance 103 and others at home in an integrated manner. The user can control the home appliance 103 and others in an integrated manner by sending control information to this internet terminal 110. Note that an example of a communication protocol used for a communication between the internet terminal 110 and the home appliance 103 and the like is ECHONET. A unique local address is assigned by the router 101 respectively to the internet terminal 110, the PC 102, and others.

The internet terminal 110 is comprised of a communication unit 111, an encryption processing unit 112, a packet generation unit 113, a protocol determination unit 114, a control request reading unit 115, a control unit 116, a server certificate authentication unit 117, a client certificate management unit 118, and a storage unit 119.

The communication unit 111 sends and receives packet data to and from the router 101 via the local network.

The encryption processing unit 112 encrypts the data part of packet data to be sent to the server apparatus 200 and decrypts packet data sent by the server apparatus 200.

The packet generation unit 113 generates packet data to be sent to the server apparatus 200. Packet data to be used is a UDP packet, a TCP packet and the like.

The protocol determination unit 114 determines which communication protocol should be used between the internet terminal 110 and the server apparatus 200. Note that the protocol determination unit 114 instructs the packet generation unit 113 to generate a TCP connection request packet when making a request to establish a TCP connection. Note that since the data structure of a TCP connection request packet is specified in TCP and IP, an explanation thereof is not given in the first embodiment.

The control request reading unit 115 reads in packets sent by the server apparatus 200 such as packet data for making a control request notification and a control request packet including a control request, and notifies the protocol determination unit 114 and the control unit 116 of the result of reading such packet data.

The control unit 116 receives a control request from the control request reading unit 114, and controls the internet terminal 110 or the terminal apparatus 103 accordingly. Note that “control” described in the explanation of the first embodiment includes: power ON/OFF of a terminal apparatus, change in a numeric value which was set before, screen display, print instruction, program activation, data transmission to another terminal apparatus. More specifically, control information is “program the DVD-video recorder to record a TV program at seven”, “check whether the cooking stove is turned off” and so forth.

The server certificate authentication unit 117 authenticates the validity of a server certificate sent by the server apparatus 200, using a public key and the like included in a root CA certificate which it holds.

The client certificate management unit 118 holds a client certificate to verify the validity of the internet terminal 110, and sends such client certificate to the server apparatus 200.

The storage unit 119 holds information such as a terminal ID and the like used to identify the internet terminal 110.

In FIG. 2, home appliances connected to the internet terminal 110 include the air conditioner 103, the rice cooker 104, and the DVD-video recorder 105, which shall be connected to the internet terminal 110 in the first embodiment. However, these home appliances may also be connected directly to a wireless network, an electric wire, a LAN and other networks.

The terminal apparatus 103, which is a home appliance, has a communication unit 103a and an appliance control unit 103b. The communication unit 103a is a processing unit for sending and receiving control information to and from the control unit 116 of the internet terminal 110. The appliance control unit 103b receives a control command from the internet terminal 110 and controls the home appliance 103. An example control command is “start the rice cooker at ten.”

FIG. 3 is a sequence diagram showing the sending and receiving of local packets of the internet terminal 110 according to the first embodiment.

The local packet 301, which is sent from the internet terminal 110 to the router 101, is made up of the header part which includes a destination address, a destination port number, a sender's address, and a sender's port number, and of the data part which includes data. Further, the sender's address and the sender's port number include the local IP address and the local port number of the internet terminal 110, and the destination address and the destination port number include the global IP address and the global port number of the server apparatus 200.

The global packet 302 is sent from the router 101 to the server apparatus 200. The sender's address and the sender's port number included in the global packet 302 are converted by the router 101 into a global address and a global port number unique to the router 101. The sender's address and the sender's port number include the global IP address and the global port number of the server apparatus 200.

In the present invention, the internet terminal 110 is characterized in that it periodically sends a local packet to the router 101 at every specified polling interval. Under UDP, the router 101 stores a communication status between the global and local sides in the corresponding relationship table for a certain period of time. Usually, a corresponding relationship between the local address and the global address in a local packet sent to the router 101 disappears after a holding period. In the present invention, however, the internet terminal 110 periodically sends packet data at every polling interval which is shorter than the holding period.

Accordingly, since a corresponding relationship between the local and global addresses is always stored in the router 101, it is possible for such router 101 to convert, from a global address to a local address, the destination address and the destination port number included in a control request occurrence notification global packet 306 sent from the server apparatus 200, which is always on the global side, for making a notification that a control request has occurred, and to route the packet to the internet terminal 110 to be controlled.
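The relationship between the polling interval and the router's holding period can be checked with a small simulation. The following Python model is an added example, not part of the original specification: the addresses, port numbers, terminal ID and the table layout are constructed for illustration, and the router is assumed to expire a UDP entry once it has been idle for longer than the holding period and to allocate a fresh global port afterwards.

```python
from dataclasses import dataclass, field

SERVER = ("203.0.113.10", 5000)     # constructed address of the server apparatus
TERMINAL = ("192.168.0.20", 3000)   # constructed local address of the internet terminal


@dataclass
class Router:
    """Model of the router's corresponding relationship table under UDP."""
    global_addr: str
    holding_period: int                        # seconds an idle UDP entry is kept
    next_port: int = 40000                     # next free global port (assumed scheme)
    table: dict = field(default_factory=dict)  # global port -> entry

    def _expire(self, now):
        # Drop every entry that has been idle for longer than the holding period.
        stale = [p for p, e in self.table.items()
                 if now - e["last_seen"] > self.holding_period]
        for port in stale:
            del self.table[port]

    def outbound(self, now, local, remote):
        """Local packet to the server: refresh or create the entry."""
        self._expire(now)
        for port, e in self.table.items():
            if e["local"] == local and e["remote"] == remote:
                e["last_seen"] = now
                return (self.global_addr, port)
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = {"local": local, "remote": remote, "last_seen": now}
        return (self.global_addr, port)

    def inbound(self, now, dst_port):
        """Global packet from the server: local destination, or None if dropped."""
        self._expire(now)
        entry = self.table.get(dst_port)
        return entry["local"] if entry else None


def simulate(polling_interval, holding_period, notify_times,
             terminal_id="T-0001", end=300):
    """Return {notify time: True if the notification reached the terminal}."""
    router = Router("198.51.100.7", holding_period)
    terminal_table = {}  # server side: terminal ID -> sender's (address, port)
    events = [(t, 0, "poll") for t in range(0, end + 1, polling_interval)]
    events += [(t, 1, "notify") for t in notify_times]
    delivered = {}
    for now, _, kind in sorted(events):
        if kind == "poll":
            # Address notification packet: the server records what the router sent.
            terminal_table[terminal_id] = router.outbound(now, TERMINAL, SERVER)
        else:
            # Control request occurrence notification to the recorded address.
            _, port = terminal_table[terminal_id]
            delivered[now] = router.inbound(now, port) == TERMINAL
    return delivered


if __name__ == "__main__":
    print(simulate(20, 30, [25, 45, 70]))   # interval shorter than holding period
    print(simulate(60, 30, [25, 45, 70]))   # interval longer than holding period
```

With a 60-second interval and a 30-second holding period the notification at 45 seconds is dropped, and delivery resumes only after the next address notification has re-created the entry and updated the server's record of the global port.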

Next, an explanation is given of the communication sequence in a case where the control request 305 is made by the user from the mobile terminal device 130. In order to notify the internet terminal 110 of an occurrence of the control request 305, the server apparatus 200 sends the control request occurrence notification global packet 306 to the internet terminal 110 via the router 101. Then, the router 101 converts the global address included in such received packet into a local address as described above.

On the receipt of the control request occurrence notification local packet 307, the internet terminal 110 sends the TCP connection request packet 308 to the server apparatus 200 via the router 101 in order to start a session using TCP as a communication protocol. Then, the router 101 converts the local address included in such received packet into the global address as described above.

On the receipt of the TCP connection request packet 309, the server apparatus 200 sends a TCP connection acceptance global packet 310 to the router 101. The router 101 converts such received TCP connection acceptance global packet 310 from a global packet into a local packet, and sends the resultant to the internet terminal 110. A TCP connection 321 is established between the server apparatus 200 and the internet terminal 110 when the internet terminal 110 receives a TCP connection acceptance local packet 311.

Subsequently, the internet terminal 110 attempts to establish a secure channel between the server apparatus 200 and itself. Note that the first embodiment is explained on the assumption that SSL (Secure Sockets Layer) is employed for the purpose of ensuring security. First, the internet terminal 110 sends a server certificate request local packet 312 to the router 101. The router 101 converts the received packet into a server certificate request global packet 313, and sends it to the server apparatus 200. On receipt of the server certificate request global packet 313, the server apparatus 200 sends, to the internet terminal 110, a server certificate 314 held by the server certificate management unit 206 in order to be authenticated by the internet terminal 110. In the internet terminal 110, when the communication unit 111 receives a server certificate 315 via the router 101, the server certificate authentication unit 117 performs authentication on the server apparatus 200 to verify whether it is an authorized communication partner.

Next, a temporary key exchange 322 is carried out to exchange a server private key which the server apparatus 200 already possesses with a server public key included in the server certificate 315 which the internet terminal 110 has received, so as to use such exchanged keys for encrypting and decrypting data to be exchanged in this communication. Typical temporary key standards are DES, 3DES and others. The above exchange is carried out so that the server apparatus 200 and the internet terminal 110 are able to select a type of key standard which both of them can support. When the temporary key exchange completes, it becomes possible for both parties to encrypt data exchanged between them, marking the establishment of an SSL connection 323.

Then, the internet terminal 110 sends, to the router 101, a client certificate 316 which the client certificate management unit 118 holds. In the server apparatus 200, the communication unit 201 receives a client certificate 317 via the router 101, and the client certificate authentication unit 207 performs authentication on the internet terminal 110 in order to verify whether the internet terminal 110 is an authorized communication partner.

It is after authenticating each other as authorized communication partners that the internet terminal 110 and the server apparatus 200 start communicating with each other. Accordingly, the server apparatus 200 sends, to the router 101, a control request packet 318 in which the control request is stored, and the internet terminal 110 receives, via the router 101, the control request packet 319 in a secure manner.

After this, an optional data transmission 320 is carried out between the server apparatus 200 and the internet terminal 110 according to need. An example of such optional data transmission 320 is a notification and the like of a “control result” from the internet terminal 110 to the server apparatus 200.

Finally, a TCP communication disconnection 324 is made between the server apparatus 200 and the internet terminal 110 at the completion of the data transmission.

Note that, in the first embodiment, it is possible to prevent a third person's “spoofing” and the like by having the server apparatus 200 and the internet terminal 110 exchange their certificates (server certificate and client certificate) and authenticate each other before the commencement of a communication. A standard to be employed for the certificates in the present embodiment may be either X.509, which is a typical certificate format, or an original format to be determined beforehand by the server apparatus 200 and the internet terminal 110. Regarding the transmission of packet data, since encryption is performed using temporary keys which have been exchanged by following a secure procedure after the exchange of the certificates, it is possible to prevent the details of the data from being tapped, even when the packet data is copied while being transmitted.

Also note that the encryption of server authentication, client authentication, and data is not mandatory, and therefore at least one of these may not be encrypted depending on a requirement specification.

FIG. 4 is a flowchart showing the operating procedure to be followed by the internet terminal 110 according to the first embodiment when periodically sending an address notification local packet to the router 101.

The storage unit 119 in the internet terminal 110 holds terminal IDs and passwords, and the packet generation unit 113 generates a frame 1 incorporating a terminal ID and a password obtained from the storage unit 119, and passes it to the communication unit 111 (S401). The communication unit 111 adds, to the frame 1 which is a data part 502, a header part 501 that includes a destination address 503, a destination port number 504, a sender's address 505, and a sender's port number 506, and sends, to the router 101, the address notification local packet containing the header part 501 and the data part 502.

The communication unit 111 judges whether or not a predetermined polling interval has passed (S402). When the result of the judgment shows that the polling interval has passed (Y in S402), the communication unit 111 sends the address notification local packet to the router 101 (S403), whereas it obtains a polling interval when the result of the judgment shows that the predetermined polling interval has not yet passed (N in S402).

FIG. 5 is a diagram showing an example data structure of address notification packet data sent from the internet terminal 110 to the server apparatus 200 according to the first embodiment. The header part 501 includes the following data: the destination address 503 as the address of the server apparatus 200; the destination port address 504 as a port number which the server apparatus 200 can use; the sender's address 505 as the address of the internet terminal 110; and the sender's port number 506 as the port number of the internet terminal 110. The data part 502 includes a terminal ID 507 for identifying the internet terminal 110 and a password 508 and the like. Note that an example data structure of a global packet is the same as that of a local packet illustrated in FIG. 5, but the difference between them is that the sender's address and port number in a global packet are converted by the router 101 from a local address to a global address.

FIG. 6 is a reference diagram showing a corresponding relationship table 600 held by the router 101 according to the first embodiment. The corresponding relationship table 600 lists, in a paired manner, local addresses and port numbers of the local network side and a global address and port numbers of the external network side. The router 101 makes a conversion between local and global addresses with reference to this corresponding relationship table 600.

An explanation is given of the conversion processing performed by the router 101 when receiving a UDP local packet from the internet terminal 110 and converting it into a global packet so as to send the resulting packet to the server apparatus 200. When receiving the local packet, the router 101 generates a UDP global packet by converting the sender's address 505 included in the local packet into the global address of the router 101 and by converting the sender's port number 506 included in the local packet into a port number which the router 101 can use, with the aim of making efficient use of the global address, and sends the generated global packet to the server apparatus 200.

Moreover, the router 101 stores, in the corresponding relationship table 600, a combination of the local address and the sender's port number of the internet terminal 110 and the global address and the port number of the router 101 as table information. Similarly, when receiving a UDP response local packet from the server apparatus 200, the router 101 updates the corresponding relationship table 600, and sends a response local packet to the internet terminal 110.

When UDP is used, the router 101 deletes a pair of the address and the port number of the internet terminal 110 and the address and the port number of the router 101 stored in the conversion table as a corresponding relationship, when no local packet or global packet has been received during a certain period of time. Meanwhile, when the conversion table does not list a pair of the above addresses and port numbers included in received packet data, such packet data received by the router 101 shall be destroyed.

Similarly, when the router 101 receives a TCP global packet from the server apparatus 200, it converts a global address included in the packet into a local address according to the conversion table, and routes a TCP local packet to the internet terminal 110.
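The behaviour of the corresponding relationship table 600 under UDP, and the reason the polling interval must be shorter than the holding period, can be shown with a small model. This is an added example, not code from the patent: the class and function names, the addresses (documentation ranges), the port numbers and the rule that an inbound packet must come from the endpoint the terminal sent to are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Mapping:
    local: tuple       # (local address, sender's port) of the terminal
    remote: tuple      # (address, port) of the server the terminal sent to
    last_seen: float   # time of the last packet in either direction


class NatRouter:
    """Toy model of router 101 and its corresponding relationship table 600."""

    def __init__(self, global_addr, holding_period):
        self.global_addr = global_addr
        self.holding_period = holding_period
        self.table = {}            # global port -> Mapping
        self.next_port = 40000     # constructed starting port

    def _expire(self, now):
        # Delete pairs for which no packet was seen during the holding period.
        stale = [p for p, m in self.table.items()
                 if now - m.last_seen >= self.holding_period]
        for port in stale:
            del self.table[port]

    def outbound(self, now, local, remote):
        """Local -> global conversion; returns the (global address, port) used."""
        self._expire(now)
        for port, m in self.table.items():
            if m.local == local and m.remote == remote:
                m.last_seen = now
                return (self.global_addr, port)
        port = self.next_port
        self.next_port += 1
        self.table[port] = Mapping(local, remote, now)
        return (self.global_addr, port)

    def inbound(self, now, src, global_port):
        """Global -> local conversion; None means the packet is destroyed."""
        self._expire(now)
        m = self.table.get(global_port)
        # Assumption: the router also requires the source to match the remote
        # endpoint of the pair (common NAT behaviour, not stated on the page).
        if m is None or m.remote != src:
            return None
        m.last_seen = now
        return m.local


TERMINAL = ("192.168.0.10", 5000)   # constructed local address and port
SERVER = ("198.51.100.20", 6000)    # constructed server address and port


def simulate(polling_interval, holding_period, notify_at):
    """Terminal polls from t=0; server notifies at notify_at using the last
    sender address/port it recorded. Returns the local endpoint reached, or
    None if the router destroyed the notification."""
    router = NatRouter("203.0.113.7", holding_period)
    registered = None
    t = 0
    while t <= notify_at:
        registered = router.outbound(t, TERMINAL, SERVER)
        t += polling_interval
    return router.inbound(notify_at, SERVER, registered[1])


if __name__ == "__main__":
    print(simulate(20, 30, 95))   # polling shorter than holding period
    print(simulate(60, 30, 95))   # polling longer than holding period
```

With a 30-second holding period, polling every 20 seconds keeps one pair alive, while polling every 60 seconds lets the pair expire between packets, so a notification sent 35 seconds after the last poll is destroyed.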

FIG. 7 is a flowchart showing the operating procedure followed by the server apparatus 200 according to the first embodiment when receiving the address notification packet data from the internet terminal 110.

First, the communication unit 201 of the server apparatus 200 performs the processing for receiving the global packet from the router 101 (S701). When the communication unit 201 receives the global packet (Y in S701), the terminal information storage unit 208 obtains a set of information including the terminal ID 507, the sender's address 505, and the sender's port number 506 included in the global packet, and generates and stores the table 208a, with the above obtained set of information as terminal information (S702).

Meanwhile, when the communication unit 201 does not receive the global packet (N in S701), it performs the receiving processing again. Note that the encryption processing unit 202 does not encrypt the address notification packet data in the first embodiment.

FIG. 8 is a flowchart showing the operating procedure followed by the server apparatus 200 according to the first embodiment until it sends the control request to the internet terminal 110.

When it is judged that there is a control request from the mobile terminal device 130 or when a control request occurs in the server apparatus 200 (Y in S801), the control request occurrence notification unit 205 instructs the packet generation unit 203 to generate a control request occurrence notification packet in which a control request occurrence notification is stored in the data type field in a frame 2.

Subsequently, the packet generation unit 203 generates a control request occurrence notification packet made up of a data part which includes the data type of the control request occurrence notification and the terminal ID of the internet terminal 110, and of a header part which includes sender's and destination addresses and port numbers which are extracted from the terminal information retained by the terminal information storage unit 208 according to the terminal ID (S802). Note that the data structure of such control request occurrence notification packet is explained later with reference to FIG. 9B.

Next, the communication unit 201 sends the control request occurrence notification packet to the router 101 (S803).

Then, the communication unit 201 of the server apparatus 200 judges whether or not a TCP connection request packet has been received from the internet terminal 110 (S804). When the result of the judgment shows that the communication unit 201 has not received the TCP connection request packet (N in S804), it terminates the control request receiving processing. On the other hand, when the communication unit 201 has received the TCP connection request packet (Y in S804), the packet generation unit 203 generates a TCP connection acceptance packet in which “TCP connection commencement notification” is stored in the data type field, and the communication unit 201 sends such generated TCP connection acceptance packet to the internet terminal 110 (S805). Accordingly, a TCP connection is established.

When the communication unit 201 of the server apparatus 200 receives a server certificate request packet from the internet terminal 110 (S806), the server certificate management unit 206 sends, to the internet terminal 110, a server certificate to verify that the server apparatus 200 is an authorized communication partner, via the communication unit 201 (S807). Here, the server certificate may be in the X.509 format, an original format or others. The server apparatus 200 and the internet terminal 110 exchange their temporary keys using a public key included in the server certificate, making it possible for an SSL connection to be started. Meanwhile, when not receiving the server certificate request packet, the communication unit 201 terminates the control request receiving processing (N in S806).

Next, the server apparatus 200 performs authentication on the client certificate sent by the internet terminal 110 (S808). More specifically, on receipt of the client certificate, the client certificate authentication unit 207 of the server apparatus 200 performs authentication on the received client certificate. When the validity of the internet terminal 110 cannot be verified (N in S808), the control request receiving processing is terminated.

When the validity of the internet terminal 110 has been verified (Y in S808), the server apparatus 200 sends a control request packet to the internet terminal 110 (S809). To be more specific, in order to generate and send a control request packet in compliance with TCP intended for notifying the internet terminal 110 about the control request: the packet generation unit 203 generates a data part that includes the control request command and adds a header part which describes sender and destination address and port number information; the encryption processing unit 202 encrypts such data part using the public key; and the communication unit 201 sends the generated control request packet to the router 101. Note that FIG. 9D illustrates an example of the TCP control request packet indicating the control request. This is the end of a series of processing performed by the server apparatus 200 according to the first embodiment when sending the control request.

Note that, instead of sending the control request packet automatically to the internet terminal 110 after authentications of the server certificate and the client certificate complete as described above, it is also conceivable that the server apparatus 200 sends the control request packet only when it receives, from the internet terminal 110, an inquiry packet for enquiring about the control request.

FIGS. 9A-9D are diagrams showing example data structures of packet data sent from the server apparatus 200 according to the present invention.

FIG. 9A illustrates the data structure of packet data including a control request command 902 generated in the server apparatus 200 in response to the control request and the like sent by the mobile terminal device 130. This packet data includes at least: a terminal ID 901 of the internet terminal 110 to be controlled; and the control request command 902 in which control information (e.g., “start operating the air conditioner at eight”) is recorded.

FIG. 9B is a diagram showing the data structure of a control request occurrence notification packet 903 sent from the server apparatus 200 to the internet terminal 110. A header part 904 contains a destination address 906, a destination port number 907, a sender's address 908 and a sender's port number 909. A data part 905 contains a data type 910 that includes an identifier for identifying the control request occurrence notification (to be referred to as “control request occurrence notification identifier” hereinafter), and a terminal ID 911 unique to the internet terminal 110.

FIG. 9C illustrates the data structure of a packet 912 for sending the server certificate held by the server certificate management unit 206 of the server apparatus 200. The packet 912 is made up of a header part 913 that includes a destination address 914, a destination port number 915, a sender's address 916, and a sender's port number 917, as well as of a certificate serial number 931, a certificate authority name 932, a certificate expiration date 933, a server owner's name 934, a server owner's contact information (e.g. e-mail address) 935, a public key 918, and a CA signature 919 created by the certificate authority.

FIG. 9D illustrates an example data structure of a control request occurrence notification packet 920. A header part 921 contains a destination address 923, a destination port number 924, a sender's address 925 and a sender's port number 926. A data part 922 contains a data type 927 that includes a control request information notification identifier, a terminal ID 928 unique to the internet terminal 110, and a control request command 929, generated in the server apparatus 200, including a control request.

FIG. 10 is a flowchart showing the operating procedure followed by the internet terminal 110 according to the first embodiment from when it receives the control request occurrence notification packet from the server apparatus 200 to when it receives the control request.

The communication unit 111 waits for receiving the control request occurrence notification packet (S1001). When the communication unit 111 receives the control request occurrence notification packet (Y in S1001), the control request reading unit 115 performs authentication of the received packet data (S1002). The control request reading unit 115 performs this authentication by making a judgment, for example, on the following points: (i) whether or not the data type 910 included in the data part 905 matches the control request occurrence notification identifier; (ii) whether or not the terminal ID 911 matches the terminal ID possessed by the internet terminal 110; (iii) whether or not the port number matches the local port number used when the frame 1 is generated; (iv) whether or not the IP address matches the IP address of the server apparatus 200 registered as a communication partner; and (v) whether or not the packet data is received within a predetermined interval. When any one of the above points is not satisfied, the communication unit 111 returns to the wait state for receiving a UDP local packet for control request occurrence notification (N in S1002). Note that the communication unit 111 waits for receiving the control request occurrence notification packet when it has not received the control request occurrence notification packet (N in S1001).

Meanwhile, when the control request reading unit 115 has verified all of the above points (Y in S1002), the packet generation unit 113 generates a TCP connection establishment packet, and the communication unit 111 sends it to the server apparatus 200 (S1003). The internet terminal 110 receives a TCP connection acceptance packet from the server apparatus 200, and establishes a TCP connection (S1004).
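The five judgments of S1002 and the decision of S1003 can be written as a single validation routine over one received UDP datagram. This is an added example, not code from the patent: the byte layout of the data part 905, the identifier value, the reading of point (v) as a window measured from the last address notification sent, and all names, addresses and ports are assumptions.

```python
import struct
from dataclasses import dataclass

NOTIFY_ID = 0x01                     # assumed control request occurrence notification identifier
DATA_PART = struct.Struct("!B16s")   # assumed layout: data type 910, terminal ID 911


@dataclass(frozen=True)
class TerminalState:
    terminal_id: bytes      # terminal ID held in the storage unit
    local_port: int         # local port used when frame 1 was sent
    server_addr: str        # registered address of the server apparatus
    server_tcp: tuple       # registered (address, port) for the TCP connection
    last_poll_sent: float   # time the last address notification was sent
    accept_window: float    # predetermined interval for point (v)


def validate_notification(state, src_addr, dst_port, payload, now):
    """Return None when points (i)-(v) all hold, else the name of the failure."""
    if len(payload) != DATA_PART.size:
        return "malformed"                    # truncated or oversized data part
    data_type, raw_id = DATA_PART.unpack(payload)
    if data_type != NOTIFY_ID:
        return "data_type"                    # point (i)
    if raw_id.rstrip(b"\x00") != state.terminal_id:
        return "terminal_id"                  # point (ii)
    if dst_port != state.local_port:
        return "port"                         # point (iii)
    if src_addr != state.server_addr:
        return "server_addr"                  # point (iv)
    if not 0 <= now - state.last_poll_sent <= state.accept_window:
        return "interval"                     # point (v)
    return None


def on_udp_packet(state, src_addr, dst_port, payload, now):
    """S1002/S1003: either keep waiting or open TCP to the registered server."""
    failed = validate_notification(state, src_addr, dst_port, payload, now)
    if failed is not None:
        return ("wait", failed)
    # The connection target is taken from stored state, not from the datagram:
    # the notification only triggers an outbound connection, and the control
    # request itself arrives later over the authenticated channel.
    return ("connect_tcp", state.server_tcp)


# Constructed sample state and packets (documentation address ranges).
STATE = TerminalState(b"TERM-0001", 5000, "198.51.100.20",
                      ("198.51.100.20", 443), 100.0, 30.0)
GOOD = DATA_PART.pack(NOTIFY_ID, b"TERM-0001")
OTHER_TERMINAL = DATA_PART.pack(NOTIFY_ID, b"TERM-0002")

if __name__ == "__main__":
    print(on_udp_packet(STATE, "198.51.100.20", 5000, GOOD, 110.0))
    print(on_udp_packet(STATE, "192.0.2.66", 5000, GOOD, 110.0))
    print(on_udp_packet(STATE, "198.51.100.20", 5000, GOOD, 200.0))
```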

When a TCP connection is established (Y in S1004), the internet terminal 110 requests the server apparatus 200 to send the server certificate, in order to verify the validity of the server apparatus 200 as a communication partner (S1005). Upon receipt of the server certificate, the server certificate authentication unit 117 performs authentication on the server certificate (S1006). This authentication is performed by the use of an SSL public key and a certificate authority's digital signature, for example, which are generally used.

When the validity of the received server certificate cannot be verified (N in S1006), the server certificate authentication unit 117 determines that the internet terminal 110 is communicating with an unauthorized apparatus, terminates the series of processing, and waits for a control request occurrence notification packet again.

Meanwhile, when the server certificate authentication unit 117 has verified the validity of the received server certificate (Y in S1006), the server apparatus 200 is determined to be an authorized communication partner, and the client certificate management unit 118 sends, to the server apparatus 200 via the communication unit 111, the client certificate attached with a digital signature for verifying the validity of the internet terminal 110 (S1007). The client certificate may be in the X.509 format, an original format or the like.

Next, the communication unit 111 of the internet terminal 110 checks whether or not the control request packet has been received from the server apparatus 200 (S1008). When the communication unit 111 has received the control request packet (Y in S1008), the control request reading unit 115 reads out the control request command 809 included in the data part of the received control request packet. When the communication unit 111 fails to receive the control request packet (N in S1008), the communication unit 111 waits for receiving the control request occurrence notification packet again (S1001).

Then, the control unit 116 controls the internet terminal 110 or the connected home appliance 103, according to the control request command 809 included in the data part of the control request packet (S1009).

Note that the above-described server authentication may be omitted in the internet terminal 110 and the server apparatus 200 according to the first embodiment. Moreover, the client authentication may also be omitted according to need. When both the server authentication and the client authentication are performed, either one of them can be performed ahead of the other.

FIG. 11 is a diagram showing an example data structure of packet data 1101 for sending the client certificate from the internet terminal 110 to the server apparatus 200.

This packet data 1101 for sending the client certificate has a general data structure which is made up of a header part 1102 including a destination address 1103, a destination port number 1104, a sender's address 1105, and a sender's port number 1106, as well as of a client certificate 1107.

As described above, the internet terminal 110 according to the first embodiment is comprised of the protocol determination unit 114 that determines whether to use UDP or TCP to communicate with the server apparatus 200, the control request reading unit 115 that reads out information included in received packet data, the server certificate authentication unit 117 that performs authentication on a communication partner using its server certificate, and the client certificate management unit 118 that manages a client certificate.

Accordingly, a connectionless UDP protocol that involves a light processing load and that realizes a real time communication is used for an address notification local packet to be periodically sent by the internet terminal 110 at a certain polling interval, whereas TCP, SSL and the like are used for sending/receiving information which requires security such as a control request to control a home appliance and the like, its control result, and related information, in order to realize a highly secure communication.

Furthermore, since the server certificate authentication unit 117 performs authentication of the server apparatus 200 as a communication partner, it is possible to reliably prevent a malicious third person from illicitly controlling the internet terminal 110 by means of “spoofing” and the like.

Further, since the internet terminal 110 according to the first embodiment sends a local packet to the server apparatus 200 periodically at a communication interval via the router 101, it is possible for the router 101 to always hold a corresponding relationship table that shows a relationship between global and local addresses and port numbers when the polling method is used. This allows control information to be sent from the global side to the local side at any time, making it possible for the user in an outside location to remotely operate the internet terminal 110 inside the house in real time by the use of the mobile terminal device 130.

Moreover, according to the present invention, since the use of the polling method removes the need to make any setting on the router 101, it is possible for the user to remotely operate a home appliance from an outside location by connecting the internet terminal 110 according to the present invention to the existing router 101.

Second Embodiment

Next, an explanation is given of another preferred embodiment according to the present invention. In the second embodiment, control information is sent to the internet terminal 110 from an application server apparatus 1201 to be explained below.

FIG. 12 is a diagram showing an entire configuration of a communication system according to the second embodiment. The communication system according to the second embodiment newly incorporates the application server apparatus 1201 in addition to the configuration of the communication system according to the above-explained first embodiment illustrated in FIG. 2, and is characterized in that a table 1202 is stored in the storage unit 119 in the internet terminal 110. Note that, in FIG. 12, the same constituent elements as those illustrated in FIG. 2 are assigned the same numbers, and detailed explanations thereof are omitted.

This application server apparatus 1201 is a server which handles, for example, an application dedicated to remotely operating a home appliance at home from an outside location.

The table 1202 stored in the recording unit 119 holds application server identifier/address information made up of at least a set of an application server identifier for identifying the application server apparatus 1201, and a pair of the IP address and the port number of the application server apparatus 1201.

Next, an explanation is given of the operation in the communication system according to the second embodiment. When the user makes a control request from an outside location using the mobile terminal device 130, such control request is sent to the application server apparatus 1201. In the server apparatus 200, the control request occurrence notification unit 205 sends, to the internet terminal 110, a control request occurrence notification packet in which an application server identifier is further incorporated into the data part. Note that the data structure of the control request occurrence notification packet is explained later with reference to FIG. 13.

In the internet terminal 110, the control request reading unit 115 extracts, from the application server identifier/address information stored in the table 1202, an address and a port number that correspond to the application server identifier included in the data part of the above-received control request occurrence notification packet. Then, the communication unit 111 requests, via the router 101, the application server apparatus 1201 corresponding to the extracted address and port number to establish a TCP connection.

Note that the processing procedure followed by the internet terminal 110 and the server apparatus 200 after a TCP connection request packet is sent, is the same as that of the above-explained first embodiment.

FIG. 13 shows an example data structure of a control request occurrence notification packet 1300 sent by the server apparatus 200 to the internet terminal 110. Its header part 1301 contains a destination address 1303, a destination port number 1304, a sender's address 1305, and a sender's port number 1306, and its data part 1302 contains a data type 1307 that includes a control request occurrence notification identifier, a terminal ID 1308 unique to the internet terminal 110, and an identifier 1309 of the application server apparatus 1201.

As explained above, since the communication system according to the second embodiment incorporates the application server apparatus 1201, which uses a dedicated application for the internet terminal 110 for remotely operating a home appliance, it is possible for the server apparatus 200 to be shared as a control request receiving server, even when the system involves more than one application.

Moreover, even in a case where an internet terminal for providing a different kind of service is to be provided, it is possible to send address notification packet data to the same server apparatus 200 by appropriately using, depending on need, either the application server apparatus 1201 or the server apparatus 200 that periodically receives a packet.

Third Embodiment

Next, an explanation is given of another preferred embodiment using the internet terminal 110 according to the present invention. The third embodiment is characterized in that it incorporates an address list notification server apparatus 1401 for notifying the internet terminal 110 of a set of application server identifier/address information stored in the table 1202 of the storage unit 119 via the router 101.

FIG. 14 is an example functional block diagram showing the server apparatus 200, the internet terminal 110, the terminal apparatus 103, the application server apparatus 1201, and the address list notification server apparatus 1401 according to the third embodiment.

In FIG. 14, the address list notification server apparatus 1401 for notifying the internet terminal 110 of a set of application server identifier/address information, is newly added to the configuration illustrated in FIG. 12. Note that, in FIG. 14, the same constituent elements as those illustrated in FIG. 12 are assigned the same numbers, and detailed explanations thereof are omitted.

The address list notification server apparatus 1401 has an information notification unit 1402 that sends a set of application server identifier/address information to the internet terminal 110.

The internet terminal 110 according to the third embodiment includes an information update unit 1403 that receives a new set of application server identifier/address information from the address list notification server apparatus 1401, and updates the application server identifier/address information stored in the table 1202 of the storage unit 119.

Next, an explanation is given of the procedure of updating the application server identifier/address information. The information update unit 1403 of the internet terminal 110 prepares/updates the application server identifier/address information stored in the table 1202 of the storage unit 119 when receiving a new set of application server identifier/address information from the address list notification server apparatus 1401, or when receiving a new set of application server identifier/address information as a response to a request which it has made to the address list notification server apparatus 1401.

As explained above, in the communication system according to the third embodiment, since the storage unit 119 in the internet terminal 110 always stores the updated application server identifier and the address and port number of the application server apparatus, it is possible to identify the application server apparatus most currently involved. Furthermore, it is easy to support a change in the address of the application server apparatus.

Note that it is also conceivable that the URL of the application server apparatus 1201 is stored in the table 1202 of the storage unit 119 in the internet terminal 110, instead of the address and port number of the application server apparatus 1201. FIG. 15 shows an example of such a set of application server identifier/address information 1500.

The communication unit 111 extracts, from the application server identifier/address information 1500 stored in the table 1202 of the storage unit 119, a URL that corresponds to the application server identifier 1309 included in the data part 1302 of the control request occurrence notification local packet 1300, and extracts the address and port number of the corresponding application server apparatus, using a predetermined method. DNS (Domain Name System) is an example method of extracting such address and port number. Subsequently, the communication unit 111 requests, via the router 101, the application server apparatus 1201 that corresponds to the above-extracted address and port number to establish a TCP connection. Accordingly, it becomes possible for the communication unit 111 to receive a control request under TCP.

Note that a mobile phone is used as the mobile terminal device 130 to explain the preferred embodiments, but the present invention is not limited to this, and an equivalent functionality can be achieved by using other terminal devices/apparatuses including PC and PDA which can be connected to the internet network 120.

INDUSTRIAL APPLICABILITY

The home terminal apparatus according to the present invention is suited to be used as a terminal apparatus at home for sending and receiving packet data to and from a router connected to an external network, by being connected to such router via a home network, and more particularly, the home terminal apparatus according to the present invention is applicable to a terminal apparatus for remotely operating home appliances in an integrated manner as well as applicable to home appliances and the like such as an air conditioner.

1. A home terminal apparatus connected to a router via a home network and for sending/receiving packet data to and from the router connected to an external network to which a server apparatus is connected, said home terminal apparatus comprising: a packet generation unit operable to generate packet data to be sent to the server apparatus via the router; a protocol determination unit operable to determine a communication protocol used between said home terminal apparatus and the server apparatus; and a communication unit operable to send/receive the packet data to and from the server apparatus via the router, wherein said protocol determination unit is operable to determine that said home terminal apparatus is to communicate with the server apparatus using (i) a first communication protocol, being a User Datagram Protocol (UDP), when said communication unit sends address notification packet data generated by said packet generation unit to the server apparatus periodically and repeatedly at a predetermined sending interval via the router, and (ii) a second communication protocol, being a Transmission Control Protocol (TCP), when said communication unit sends/receives control information to and from the server apparatus, wherein when said communication unit receives, from the server apparatus, a notification packet indicating an occurrence of a control request to control said home terminal apparatus while said communication unit is repeating the sending, using the UDP, of the address notification packet on a periodical basis: said packet generation unit is operable to generate a connection request packet, which is a packet for making a connection request to establish a TCP connection to the server apparatus; said protocol determination unit is operable to determine that the connection request packet is to be communicated using the second communication protocol which is the TCP; and said communication unit is operable to send the connection request packet to the server apparatus using the TCP, and operable to receive, from the server apparatus, control packet data, which is data including the control request in the TCP after the connection is established between the server apparatus and said home terminal apparatus using the second communication protocol which is the TCP.
2. The home terminal apparatus according to claim 1 further comprising a management unit operable to manage a certificate, which is a certificate for verifying validity of said home terminal apparatus, wherein said communication unit is operable to send, to the server apparatus, the certificate managed by said management unit, after receiving the notification packet.
3. The home terminal apparatus according to claim 1 wherein: said packet generation unit is operable to generate an inquiry packet, which is a packet for inquiring the server apparatus about the control request, when the connection is established to the server apparatus using the second communication protocol; and said communication unit is operable to send the inquiry packet to the server apparatus via the router.
4. The home terminal apparatus according to claim 1, further comprising an authentication unit operable to authenticate the server apparatus as a communication partner using a server certificate, which is a certificate for verifying validity of the server apparatus as the communication partner.
5. The home terminal apparatus according to claim 4, wherein said authentication unit is operable to authenticate the validity of the server apparatus as the communication partner using an IP address of the server apparatus and/or terminal ID information unique to said home terminal apparatus, which is information included in the packet data received by said communication unit.
6. The home terminal apparatus according to claim 4, wherein said authentication unit is operable to destroy the packet data, when said communication unit receives the packet data within a predetermined interval.
7. The home terminal apparatus according to claim 1, further comprising an encryption unit operable to encrypt data in a channel between said home terminal apparatus and the server apparatus that uses the second communication protocol, when the control information is sent/received to and from the server apparatus.
8. The home terminal apparatus according to claim 7, wherein said encryption unit uses SSL to encrypt the data in the channel.
9. The home terminal apparatus according to claim 1, further comprising a control unit operable to control said home terminal apparatus according to the control information.
10. The home terminal apparatus according to claim 9, wherein: a plurality of terminal apparatuses are connected to said home terminal apparatus via the home network; each of the terminal apparatuses includes an apparatus control unit operable to control each terminal apparatus, respectively; said communication unit is operable to send the control information to each of the terminal apparatuses; and each of the apparatus control units is operable to control each of the terminal apparatuses, respectively, according to the control information.
11. The home terminal apparatus according to claim 1, wherein the server apparatus includes: a second communication unit operable to send/receive packet data to and from said home terminal apparatus via the router; and a second packet generation unit operable to generate the packet data to be sent to said home terminal apparatus, wherein the second packet generation unit is operable to generate a notification packet indicating an occurrence of a control request to control said home terminal apparatus, when the control request occurs in the server apparatus, and wherein the second communication unit is operable to send the notification packet to said home terminal apparatus via the router.
12. The home terminal apparatus according to claim 11, wherein: a mobile terminal device is connected to the external network, the mobile terminal device being operable to send the control request to control said home terminal apparatus; and the second packet generation unit is operable to generate the notification packet when the second communication unit receives the control request from the mobile terminal device.
13. The home terminal apparatus according to claim 11, wherein: the second packet generation unit is operable to generate the control packet data including the control request; and the second communication unit is operable to send the control packet data to said home terminal apparatus via the router, after the connection is established between said home terminal apparatus and the server apparatus using the second communication protocol.
14. The home terminal apparatus according to claim 13, wherein the second communication unit is operable to send the control packet data to said home terminal apparatus via the router, only when the control request occurs in the server apparatus.
15. The home terminal apparatus according to claim 13, wherein the second communication unit is operable to send the control packet data to said home terminal apparatus via the router, only when receiving, from said home terminal apparatus, an inquiry packet for inquiring about the control request.
16. The home terminal apparatus according to claim 11, wherein: the server apparatus further includes: a terminal information storage unit operable to store, as terminal information, a terminal ID of said home terminal apparatus, a global address of the router which is an address of a sender, and a global port number of the router which is a port number of the sender, which is information included in the packet data received by the second communication unit; and an extraction unit operable to extract, from the terminal information storage unit, the global address and the global port number which correspond to the terminal ID, when the control request to control said home terminal apparatus with the terminal ID occurs in the server apparatus; and the second packet generation unit is operable to generate the notification packet that includes notification information, the notification information being information indicating the occurrence of the control request, and the notification packet including, respectively as a destination address and a destination port number, the global address and the global port number extracted by the extraction unit.
17. The home terminal apparatus according to claim 11, wherein: the server apparatus further includes a second management unit operable to manage a server certificate, which is a certificate for verifying validity of the server apparatus; and the second communication unit is operable to send, to said home terminal apparatus, the server certificate managed by the second management unit, after receiving, from said home terminal apparatus, the connection request packet, which is a packet for requesting a connection to the server apparatus using the second communication protocol.
18. The home terminal apparatus according to claim 11, wherein the server apparatus further includes a second authentication unit operable to authenticate said home terminal apparatus as a communication partner using a certificate, which is a certificate for verifying validity of said home terminal apparatus as the communication partner.
19. The home terminal apparatus according to claim 11, wherein the server apparatus further includes a second encryption unit operable to encrypt data in a channel between said home terminal apparatus and the server apparatus that uses the second communication protocol when the control information is sent/received to and from said home terminal apparatus.
20. The home terminal apparatus according to claim 11, wherein: an application server is connected to the external network; the second packet generation unit of the server apparatus is operable to generate the notification packet indicating the occurrence of the control request, the notification packet including an application server identifier for identifying the application server; the second communication unit is operable to send the notification packet to said home terminal apparatus via the router; said home terminal apparatus further comprises: a storage unit operable to store application server identifier/address information including at least the application server identifier and an address of the application server; and an extraction unit operable to extract, from the application server identifier/address information stored by said storage unit, the address of the application server that corresponds to the application server identifier included in the notification packet, when said communication unit receives the notification packet from the router; and said packet generation unit is operable to generate the connection request packet, which is a packet that describes the address of the application server as a destination address.
21. The home terminal apparatus according to claim 20, wherein: said storage unit is operable to store a port number of the application server to the application server identifier/address information; said extraction unit is operable to extract, from the application server identifier/address information stored by said storage unit, the address of the application server and the port number of the application server that correspond to the application server identifier included in the notification packet, when said communication unit receives the notification packet from the router; said packet generation unit is operable to generate the connection request packet that describes the address of the application server as the destination address and the port number of the application server as a destination port number; and said communication unit is operable to send the connection request packet to the server apparatus via the router.
22. The home terminal apparatus according to claim 20, wherein: said storage unit is operable to store the application server identifier/address information that includes the application server identifier and a URL of the application server; said extraction unit is operable to extract, from the application server identifier/address information stored by said storage unit, the URL of the application server that corresponds to the application server identifier included in the notification packet, when said communication unit receives the notification packet from the router; and said communication unit is operable to send the connection request packet to the URL.
23. The home terminal apparatus according to claim 22, wherein: an address list notification server is connected to the external network; the address list notification server includes a sending unit operable to send, to said home terminal apparatus, an address list notification packet, which is a packet including another application server identifier/address information via the router; and said home terminal apparatus further comprises an update unit operable to update the application server identifier/address information stored by said storage unit, on the basis of the another application server identifier/address information included in the received address list notification packet from the router.
24. The home terminal apparatus according to claim 1, wherein the router is directly connected to the external network, not via an internet service provider.
25. A communication system comprising: a server apparatus connected to an external network; a home terminal apparatus connected to a home network; and a router which connects the external network and the home network, wherein: said home terminal apparatus includes: a packet generation unit operable to generate packet data to be sent to said server apparatus via said router; a protocol determination unit operable to determine a communication protocol used between said home terminal apparatus and said server apparatus; and a communication unit operable to send/receive the packet data to and from said server apparatus via said router; said server apparatus includes: a second communication unit operable to send/receive packet data; and a second packet generation unit operable to generate the packet data to be sent to said home terminal apparatus; and said protocol determination unit is operable to determine that said home terminal apparatus is to communicate with said server apparatus using (i) a first communication protocol, being a User Datagram Protocol (UDP), when said communication unit sends address notification packet data generated by said packet generation unit to said server apparatus periodically and repeatedly at a predetermined sending interval via said router, and (ii) a second communication protocol, being a Transmission Control Protocol (TCP), when said communication unit sends/receives control information to and from said server apparatus, wherein: said second packet generation unit of said server apparatus is operable to generate a notification packet indicating an occurrence of a control request to control said home terminal apparatus, when the control request occurs in said server apparatus; said second communication unit is operable to send the notification packet to said home terminal apparatus via said router; when said communication unit of said home terminal apparatus receives the notification packet from said server apparatus while said communication unit is repeating the sending, using the UDP, of the address notification packet data on a periodical basis, said packet generation unit is operable to generate a connection request packet for making a connection request, which is a request to establish a TCP connection to said server apparatus, and said protocol determination unit is operable to determine that the connection request packet is to be communicated using the second communication protocol which is the TCP; and said communication unit is operable to send the connection request packet to the server apparatus using the TCP, and operable to receive, from said server apparatus, control packet data, which is data including the control request in the TCP after the connection is established between said server apparatus and said home terminal apparatus using the second communication protocol which is the TCP.
26. A communication method in which an external network to which a server apparatus is connected and a home network to which a home terminal apparatus is connected are connected via a router, said communication method comprising home terminal apparatus steps executed by the home terminal apparatus and server apparatus steps executed by the server apparatus, wherein the home terminal apparatus steps include: generating packet data to be sent to the server apparatus via the router; determining a communication protocol used between the home terminal apparatus and the server apparatus; and sending/receiving the packet data to and from the server apparatus via the router, wherein the server apparatus steps include: sending/receiving packet data to and from the home terminal apparatus via the router; and generating the packet data to be sent to the home terminal apparatus, wherein, said determining of the communication protocol includes determining that the home terminal apparatus is to communicate with the server apparatus using (i) a first communication protocol, being a User Datagram Protocol (UDP), when address notification packet data, which is packet data generated in said generating of the packet data executed by the home terminal apparatus, is sent to the server apparatus periodically and repeatedly at a predetermined sending interval via the router in said sending/receiving of the packet data executed by the home terminal apparatus, and (ii) a second communication protocol, being a Transmission Control Protocol (TCP), when control information is sent/received to and from the server apparatus in said sending/receiving of the packet data executed by the home terminal apparatus, and wherein the home terminal apparatus steps further include, when the home terminal apparatus receives, from the server apparatus, a notification packet indicating an occurrence of a control request to control the home terminal apparatus while the home terminal apparatus is repeating the sending, using the UDP, of the address notification packet data on a periodical basis: generating a connection request packet, which is a packet for making a connection request to establish a TCP connection to the server apparatus; determining that the connection request packet is to be communicated using the second communication protocol which is the TCP; sending the connection request packet to the server apparatus using the TCP; and receiving, from the server apparatus, control packet data, which is data including the control request in the TCP after the connection is established between the server apparatus and the home terminal apparatus using the second communication protocol which is the TCP.
27. A program stored on a computer-readable storage medium for causing a home terminal apparatus connected to a router via a home network to send/receive packet data to and from the router connected to an external network to which a server apparatus is connected, said program causing an execution of home terminal apparatus steps by the home terminal apparatus and an execution of server apparatus steps by the server apparatus, wherein: the home terminal apparatus steps include: generating packet data to be sent to the server apparatus via the router; determining a communication protocol used between the home terminal apparatus and the server apparatus; and sending/receiving the packet data to and from the server apparatus via the router; and said determining of the communication protocol includes determining that the home terminal apparatus is to communicate with the server apparatus using (i) a first communication protocol, being a User Datagram Protocol (UDP), when address notification packet data, which is packet data generated in said generating of the packet data, is sent to the server apparatus periodically and repeatedly at a predetermined sending interval via the router in said sending/receiving of the packet data, and (ii) a second communication protocol, being a Transmission Control Protocol (TCP), when control information is sent/received to and from the server apparatus in said sending/receiving of the packet data, and wherein the home terminal apparatus steps further include, when the home terminal apparatus receives, from the server apparatus, a notification packet indicating an occurrence of a control request to control the home terminal apparatus while the home terminal apparatus is repeating the sending, using the UDP, of the address notification packet data on a periodical basis: generating a connection request packet, which is a packet for making a connection request to establish a TCP connection to the server apparatus; determining that the connection request packet is to be communicated using the second communication protocol which is the TCP; sending the connection request packet to the server apparatus using the TCP; and receiving, from the server apparatus, control packet data, which is data including the control request in the TCP after the connection is established between the server apparatus and the home terminal apparatus using the second communication protocol which is the TCP.
28. The program according to claim 27, wherein the server apparatus steps include: sending/receiving packet data to and from the home terminal apparatus via the router; generating the packet data to be sent to the home terminal apparatus; and generating a notification packet indicating an occurrence of a control request to control the home terminal apparatus when the control request occurs in the server apparatus and sending the notification packet to the home terminal apparatus via the router.
29. The home terminal apparatus according to claim 1, wherein the periodical basis is a cycle that is shorter than a period that a conversion table containing addresses is held by the router.